Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-94

CWE-94

Medium likelihood

Improper Control of Generation of Code ('Code Injection')

Parent: CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

6,458 vulnerabilities with CWE-94

CVE-2026-7090 LOW

code-projects Chat System send_message.php cross site scripting

CVE-2026-7089 MEDIUM

code-projects Home Service System Appointment Booking booking.php cross site scripting

CVE-2026-7027 LOW

D-Link DSL-2740R Wireless Setup Section cross site scripting

CVE-2026-7026 MEDIUM

D-Link DGS-3420 System Information Settings cross site scripting

CVE-2026-7016 LOW

MaxSite CMS ushki Plugin cross site scripting

CVE-2026-7015 LOW

MaxSite CMS Guestbook Plugin cross site scripting

CVE-2026-7014 LOW

MaxSite CMS down_count Plugin cross site scripting

CVE-2026-7013 LOW

MaxSite CMS mail_send Plugin cross site scripting

CVE-2026-7012 LOW

MaxSite CMS Redirect Plugin cross site scripting

CVE-2026-7011 LOW

MaxSite CMS Antispam Plugin plugin_antispam cross site scripting

CVE-2026-7001 LOW

Datacom DM4100 Ethernet Configuration cross site scripting

CVE-2026-7000 LOW

Datacom DM4100 VLAN Page cross site scripting

CVE-2026-6999 LOW

BIVOCOM TR321 Wireless Setting cross site scripting

CVE-2026-6998 LOW

BDCOM P3310D New RMON Statistics cross site scripting

CVE-2026-6997 LOW

BDCOM P3310D New RMON History cross site scripting

CVE-2026-6996 LOW

BDCOM P3310D rmon event Tab cross site scripting

CVE-2026-6995 LOW

BDCOM P3310D New User index.asp cross site scripting

CVE-2026-6990 LOW

projeto-siga novo cross site scripting

CVE-2026-6951 CRITICAL

simple-git < 3.36.0 - Remote Code Execution via Git Config Option Injection

CVE-2026-41414 HIGH

Skim: Arbitrary code execution via pull_request_target fork checkout in pr.yml

CVE-2026-41044 HIGH

Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All: Authenticated user can perform RCE via DestinationView MBean exposed by Jolokia

CVE-2026-40466 HIGH

Apache ActiveMQ Broker < 5.19.6 and 6.0.0 to before 6.2.5 - Remote Code Execution

CVE-2026-41138 HIGH

Flowise AirtableAgent.ts - Pandas Code Injection RCE

CVE-2026-41137 CRITICAL

Flowise: Code Injection in CSVAgent leads to Authenticated RCE

CVE-2026-41246 HIGH

Contour: Lua code injection via Cookie Path Rewrite Policy

Previous Page 12 of 259 Next

Details

Vulnerabilities 6,458

Exploit Likelihood Medium

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy